You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Federico Petronio <pe...@activesec.biz> on 2004/09/23 16:12:41 UTC

[users@httpd] Security patches for 2.0.50

Hello, I planed to update Apache-2.0.50 with the recent security patches 
(http://www.apache.org/dist/httpd/patches/apply_to_2.0.50/) but today I 
saw that there are some new ones that applies ONLY to 2.0.51

My question is, if I fist apply the security patches for 2.0.50, then 
should I apply the patch for 2.0.51 too? or the vulnerable code in 
2.0.51 is not present in the patch to 2.0.50?

Thank you!
-- 
                                         Federico Petronio
                                         petrus@activesec.biz

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Security patches for 2.0.50

Posted by Joshua Slive <js...@gmail.com>.

On Thu, 23 Sep 2004 11:12:41 -0300, Federico Petronio
<pe...@activesec.biz> wrote:
> Hello, I planed to update Apache-2.0.50 with the recent security patches
> (http://www.apache.org/dist/httpd/patches/apply_to_2.0.50/) but today I
> saw that there are some new ones that applies ONLY to 2.0.51
> 
> My question is, if I fist apply the security patches for 2.0.50, then
> should I apply the patch for 2.0.51 too? or the vulnerable code in
> 2.0.51 is not present in the patch to 2.0.50?

The patch for 2.0.51 fixes a regression, meaning the problem didn't
exist in 2.0.50.

But it would probably be better to just use 2.0.51+patch.  Then you
will get a bunch of other fixes that aren't security-related.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org